×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
kundanshekhx
Explorer
Member since: ‎09-09-2018
‎10-13-2022
Community Statistics
Posts 4
Solutions 0
Karma Given 3
Karma Received 0
Member Since ‎09-09-2018
Activity Feed
View All

Re: ERROR TcpInputProc - Message rejected. Receive...

by in Getting Data In
‎08-25-2020 08:17 AM
‎08-25-2020 08:17 AM
Hi R.Ismo, Thanks for the reply. The error message is from the indexer. As per the error message, the size of the incoming message is 369296128  bytes that turn around 352 MB. SSL is working fine as we have logs from the other data sources coming to indexers through the same UF.  This is the first time we are trying to inboard the Syslogs using TCP port.    Thanks, Kundan ... View more

ERROR TcpInputProc - Message rejected. Received un...

by in Getting Data In
‎08-25-2020 07:10 AM
‎08-25-2020 07:10 AM
Hi,  I am trying to inboard a new Syslog coming from a Syslog ng server but data is not indexing. Getting the below error in the internal logs in SH. ERROR TcpInputProc - Message rejected. Received unexpected message of size=369296128 bytes from src=xx.xx.xx.xx:xxxxx in streaming mode. Maximum message size allowed=67108864. (::) Possible invalid source sending data to splunktcp port or valid source sending unsupported payload. Below is the path I have set for the incoming logs. Syslog-ng server > Universal Forwarder(TCP port) > Indexer Below are the configurations set at the forwarder end: inputs.conf [tcp://xxxxx] sourcetype=syslog index = Index_name disabled=false outputs.conf [tcpout] defaultGroup = ABC maxQueueSize = 7MB useACK = true [tcpout:ABC] server = index_server1:42000, index_server2:42000, index_server3:42000 # SSL SETTINGS sslCertPath = $SPLUNK_HOME/etc/auth/server.pem sslRootCAPath = $SPLUNK_HOME/etc/auth/ca.pem sslPassword = xxxx sslVerifyServerCert = true   After the issue, I have tried to resolve it by setting the value of bucketRebuildMemoryHint to auto and manually both in the indexes.conf but it didn't work. indexes.conf [default] bucketRebuildMemoryHint = 569366123.   Can anyone please advise me on this?  Please let me know in case I am missing any information I missed to share which might help in reaching out to the solution.   Thanks in Advance 🙂    ... View more

Re: Why can't I see non-internal indexes in Cluste...

by in Deployment Architecture
‎08-13-2020 09:22 AM
‎08-13-2020 09:22 AM
Faced exactly the same issue. Issue resolved after adding "repFactor = auto" in test though in production everything is working fine without "repFactor = auto".   ... View more

Re: Why is cluster master not showing custom index...

by in Getting Data In
‎08-13-2020 09:18 AM
‎08-13-2020 09:18 AM
Faced exactly the same issue. Issue resolved after adding "repFactor = auto" in test though in production everything is working fine without "repFactor = auto".   ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎10-13-2022 06:40 AM
Karma given to